Google Git
Sign in
pigweed / third_party / github / zephyrproject-rtos / zephyr / 201a1b402a60bc7b8e41daae8f04106f4629ed7b^! / .
commit201a1b402a60bc7b8e41daae8f04106f4629ed7b[log] [tgz]
authorTomasz Bursztyka <tomasz.bursztyka@linux.intel.com>Tue May 29 13:11:00 2018 +0200
committerAnas Nashif <anas.nashif@intel.com>Tue May 29 16:23:18 2018 -0400
treeede94e33b0c26d449da944ea8b55c5e7f64501d1
parent13e1c3c2f84d0a124d531a0fd747752073722ca8 [diff]
net/ieee802154: Security session must be initialized with a valid key

Security layer was tested only against CC2520, which does not mandate to
begin the session with a valid key. However, the crypto API tells it
must do so. And indeed, starting a session on mtls shim crypto device
will fail due to missing key. Thus moving the relevant code where it
should.

Reported-by: Johann Fischer <j.fischer@phytec.de>

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>

diff --git a/subsys/net/ip/l2/ieee802154/ieee802154_security.c b/subsys/net/ip/l2/ieee802154/ieee802154_security.c
index e5b4a5f..204a8a1 100644
--- a/subsys/net/ip/l2/ieee802154/ieee802154_security.c
+++ b/subsys/net/ip/l2/ieee802154/ieee802154_security.c

@@ -22,6 +22,7 @@
 				      u8_t *key, u8_t key_len)
 {
 	u8_t tag_size;
+	int ret;
 
 	if (level > IEEE802154_SECURITY_LEVEL_ENC_MIC_128 ||
 	    key_mode > IEEE802154_KEY_ID_MODE_SRC_8_INDEX) {
@@ -58,6 +59,27 @@
 	sec_ctx->enc.mode_params.ccm_info.tag_len = tag_size;
 	sec_ctx->dec.mode_params.ccm_info.tag_len = tag_size;
 
+	ret = cipher_begin_session(sec_ctx->enc.device, &sec_ctx->enc,
+				   CRYPTO_CIPHER_ALGO_AES,
+				   CRYPTO_CIPHER_MODE_CCM,
+				   CRYPTO_CIPHER_OP_ENCRYPT);
+	if (ret) {
+		NET_ERR("Could not setup encryption context");
+
+		return ret;
+	}
+
+	ret = cipher_begin_session(sec_ctx->dec.device, &sec_ctx->dec,
+				   CRYPTO_CIPHER_ALGO_AES,
+				   CRYPTO_CIPHER_MODE_CCM,
+				   CRYPTO_CIPHER_OP_DECRYPT);
+	if (ret) {
+		NET_ERR("Could not setup decryption context");
+		cipher_free_session(sec_ctx->enc.device, &sec_ctx->enc);
+
+		return ret;
+	}
+
 	return 0;
 }
 
@@ -153,7 +175,6 @@
 int ieee802154_security_init(struct ieee802154_security_ctx *sec_ctx)
 {
 	struct device *dev;
-	int ret;
 
 	memset(&sec_ctx->enc, 0, sizeof(struct cipher_ctx));
 	memset(&sec_ctx->dec, 0, sizeof(struct cipher_ctx));
@@ -170,26 +191,8 @@
 	sec_ctx->enc.mode_params.ccm_info.nonce_len = 13;
 	sec_ctx->dec.mode_params.ccm_info.nonce_len = 13;
 
-	ret = cipher_begin_session(dev, &sec_ctx->enc,
-				   CRYPTO_CIPHER_ALGO_AES,
-				   CRYPTO_CIPHER_MODE_CCM,
-				   CRYPTO_CIPHER_OP_ENCRYPT);
-	if (ret) {
-		NET_ERR("Could not setup encryption context");
-
-		return ret;
-	}
-
-	ret = cipher_begin_session(dev, &sec_ctx->dec,
-				   CRYPTO_CIPHER_ALGO_AES,
-				   CRYPTO_CIPHER_MODE_CCM,
-				   CRYPTO_CIPHER_OP_DECRYPT);
-	if (ret) {
-		NET_ERR("Could not setup decryption context");
-		cipher_free_session(dev, &sec_ctx->enc);
-
-		return ret;
-	}
+	sec_ctx->enc.device = dev;
+	sec_ctx->dec.device = dev;
 
 	return 0;
 }